Hands-on: Blue Hydra can expose the all-too-unhidden world of Bluetooth

My new neighbor was using AirDrop to move some files from his phone to his iMac. I hadn’t introduced myself yet, but I already knew his name. Meanwhile, someone with a Pebble watch was walking past, and someone named “Johnny B” was idling at the stoplight at the corner in their Volkswagen Beetle, following directions from their Garmin Nuvi. Another person was using an Apple Pencil with their iPad at a nearby shop. And someone just turned on their Samsung smart television.

I knew all this because each person advertised their presence wirelessly, either over “classic” Bluetooth or the newer Bluetooth Low Energy (BTLE) protocol—and I was running an open source tool called Blue Hydra, a project from the team at Pwnie Express. Blue Hydra is intended to give security professionals a way of tracking the presence of traditional Bluetooth, BTLE devices, and BTLE “iBeacon” proximity sensors. But it can also be connected to other tools to provide alerts on the presence of particular devices.

Despite their “Low Energy” moniker, BTLE devices are constantly polling the world even while in “sleep” mode. And while they use randomized media access control (MAC) addresses, they advertise other data that is unique to each device, including a universally unique identifier (UUID). As a result, if you can tie a specific UUID to a device by other means, you can track the device and its owner. By using the Received Signal Strength Indication (RSSI), you can get a sense of how far away they are.

Read 6 remaining paragraphs | Comments